What you could do originally did not require renaming of the file. Not having a suitable box handy, what happens with IE now if you type in a valid URL for a local file that you should NOT have access to (use the file:// xxxxxxxxx format)?? V/R Jim David Schwartz wrote: > > > Think that is scary? I cannot state about the current browser, but > > previous versions bypassed a lot of the NT security features. Happens > > when the browser is made an integral part of the OS - but for legal > > reasons and with apparently little concerns to security ones. > > I would say the reverse would be more of a security problem. You'd prefer > that somebody could create a web site with the same name as one of your > files and when you ask for the file, you get the web site? > > If you care about security, enter fully-qualified URLs, don't use > abbreviations. Any scheme to accept abbreviations will sometimes fail to get > you what you want. For example, what will your browser do if you just type > in "ftp.mydomain.com"? Will it take it as "http://ftp.mydomain.com"? Or will > it take it as "http://ftp.mydomaincom"? If you don't know and understand the > rules for expanding abbreviations, don't use abbreviations. > > I only wish you could disable them. Both IE and Netscape have done things I > didn't expect more than once. > > DS -- James W. Meritt, CISSP, CISA Booz, Allen & Hamilton phone: (410) 684-6566
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 16:05:08 PDT